Meraki

Community
  • About PhilipDAth

About PhilipDAth

Re: Connect Meraki VPN to another manufacturer

by Kind of a big deal in Security & SD-WAN
Tuesday
Tuesday
You could create a VLAN port on the MX and Fortinet, plug the dark fibre into those LAN ports, and simply use static routes to move the traffic between the two sites.   No VPN required. ... View more

Re: Work in progress main rack

by Kind of a big deal in Meraki Projects Gallery
a week ago
a week ago
Amazing job.  It looks great. ... View more

Re: Replacement Product of Meraki MX100-HW

by Kind of a big deal in Dashboard & Administration
a week ago
a week ago
You can use this sizing guide to compare the MX100 and the MX95. https://documentation.meraki.com/MX/MX_Sizing_Information/MX_Sizing_Principles   ... View more

Re: Recommended AnyConnect VPN Subnet to Avoid Conflicts with Home Networks

by Kind of a big deal in Security & SD-WAN
a week ago
2 Kudos
a week ago
2 Kudos
I think 192.168.50.0/24 is safe.  I have never seen a home router configured to use this range. ... View more

Re: Meraki Wireless and Wired Validated Design runbook/playbooks

by Kind of a big deal in Wireless
a week ago
3 Kudos
a week ago
3 Kudos
You'll need to undergo training to gain this knowledge.  You may want to start with the Learning Hub. https://community.meraki.com/t5/Learning-Hub/ct-p/hub   ... View more

Re: upgrade sw C9300L-48P-4X from MS 17.2.1 (latest stable) to IOS XE 17.15...

by Kind of a big deal in Switching
a week ago
a week ago
Did you upgrade via the Meraki Dashboard, or manually via SSH?   Are these fully Meraki managed, or in "Hybrid" mode (used to be called "Meraki Monitoring")? ... View more

Re: Setting up SAML for 2 Meraki tenants, one Azure tenant.

by Kind of a big deal in Dashboard & Administration
a week ago
a week ago
>Do we have a way to have different Enterprise Apps configured for different Meraki tenants?    The accepted solution is the correct answer.  You should only have a single Enterprise App, and then put the certificate thumbprint into each Meraki Dashboard that you want to use that Enterprise App. ... View more

Re: Spanningtree root switch

by Kind of a big deal in Switching
2 weeks ago
2 weeks ago
I would make SW3 the spanning tree root. ... View more

Re: Spanningtree root switch

by Kind of a big deal in Switching
2 weeks ago
2 weeks ago
If only we could live in a perfect world.  🙂 I understand. ... View more

Re: Network Access Policy stops working and nobody knows why

by Kind of a big deal in Switching
2 weeks ago
2 weeks ago
What appears in the switch event logs when this happens? What appears in the RADIUS logs when this happens? ... View more

Re: Restrict traffic of a VLAN to only the ports in the VLAN

by Kind of a big deal in Switching
2 weeks ago
1 Kudo
2 weeks ago
1 Kudo
>You could also rehome the vlans to your firewall   When the data flows are not high - this is my preferred approach.  I like to do all my firewalling and access restrictions in one place.   Switch ACLs can also be applied per-vlan - so you could consider moving these devices into their own VLAN.  You can also simply specify the devices address in the source and destination field.   If you have an MS Advanced licence, and a suitable switch, you could also consider using Adaptive Policy.  You can apply a policy to a specify port this way, using an Adaptive Policy "tag". https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Adaptive_Policy_Overview   ... View more

Re: Spanningtree root switch

by Kind of a big deal in Switching
2 weeks ago
2 Kudos
2 weeks ago
2 Kudos
I would fundamentally change your design.  I would not plug two switches into an MX.   Choose one switch to be the core, make it the spanning tree root, and then plug all other switches into it. ... View more

Re: MX network disruptions after snort rule update

by Kind of a big deal in Security & SD-WAN
2 weeks ago
2 Kudos
2 weeks ago
2 Kudos
And also: https://status.meraki.net/ ... View more

Re: By error I put a SW in other network and I need to put in the network c...

by Kind of a big deal in Switching
2 weeks ago
2 weeks ago
This guide covers moving a device between networks. https://documentation.meraki.com/General_Administration/Inventory_and_Devices/Moving_Devices_between_Networks   ... View more

Re: Hotel Network Setup

by Kind of a big deal in Meraki Projects Gallery
2 weeks ago
2 weeks ago
I love your work. ... View more

Re: VPN Failover Delay in Dual MX68 VIP HA Setup When LAN Disconnects

by Kind of a big deal in Security & SD-WAN
2 weeks ago
3 Kudos
2 weeks ago
3 Kudos
We really need Port-Channel support in the MX .... just saying. ... View more

Re: Meraki Access Manager - with username+password

by Kind of a big deal in Full-Stack & Network-Wide
2 weeks ago
2 Kudos
2 weeks ago
2 Kudos
Good attempt, but neither of those help. ... View more

Meraki Access Manager - with username+password

by Kind of a big deal in Full-Stack & Network-Wide
2 weeks ago
2 Kudos
2 weeks ago
2 Kudos
I'm trying to follow this guide to try out Access Manager using username+password authentication. https://documentation.meraki.com/Access_Manager/Access_Manager_Configuration_Guides/Access_Manager_Username%2F%2FPassword_Authentication_-_EAP-TTLS%2F%2FPAP_with_Entra_ID_Lookup   The issue is on the Entra ID side. I configured an exclusion in every conditional access policy for the app (yucky, but ok).  So 100%, there is no policy requiring MFA.   Our authentication methods policy has been fully migrated to use modern policies.     Despite having every conditional access disabled through exclusion, Entra ID is saying the authentication failed because MFA is required.  Everyone has to do the above migration - there is no choice.         So does this mean the entire section on using username/password authentication against Entra ID in the new Access Manager is a non-starter?  Anyone who has it working at the moment will have it fail when their tennancy is forced migrated? ... View more
Labels:

Re: ASA 5516-X to Meraki MX84 migration

by Kind of a big deal in Security & SD-WAN
2 weeks ago
1 Kudo
2 weeks ago
1 Kudo
MX does not support port-channels.  You can't use them. ... View more

Re: Level of ISE license required for wifi

by Kind of a big deal in Wireless
2 weeks ago
1 Kudo
2 weeks ago
1 Kudo
You know you can do this with an ordinary Windows Server without buying anything extra?  You install the Windows NPS component. https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring_RADIUS_Authentication_with_WPA2-Enterprise   ... View more

Re: 🚀 Meraki API is a top 3 Finalist - help us win 1st place! 🚀

by Kind of a big deal in Developers & APIs
2 weeks ago
2 Kudos
2 weeks ago
2 Kudos
Done.  Love the memes.  You may have missed your true calling. ... View more

Re: Can we use a MR36 as AP in a remote site with a Bell firewall (no Merak...

by Kind of a big deal in Wireless
2 weeks ago
1 Kudo
2 weeks ago
1 Kudo
If you are using PSK authentication or one of Meraki's cloud-based authentication options and they only need Internet access, then it is very simple. This will do exactly what you need. ... View more

Re: Can't VPN from an EC2 instance any longer?

by Kind of a big deal in Security & SD-WAN
2 weeks ago
2 weeks ago
That is suspicious timing.   Do you have access to an AWS environment where you could test if it is working or not? ... View more
My Accepted Solutions
View all
© 2025 Cisco Systems, Inc.